Just a note about popularity of PAM:
https://github.com/intridea/omniauth/wiki/List-of-Strategies
The omniauth gem seems to support a number of authentication strategies,
but PAM is not among them :)
But I can understand your motivation, although particularly I'd prefer
to integrate directly to LDAP if I were you.
Cheers,
Rodrigo.
Em 16-05-2012 12:31, Rodrigo Rosenfeld Rosas escreveu:
This worked for my local passwords:
sudo apt-get install libpam-dev
gem install rpam-ruby19
ruby -rrpam -e "p Rpam.auth 'rodrigo', 'password'"
Em 16-05-2012 12:27, Rodrigo Rosenfeld Rosas escreveu:
This library seems to support PAM integration in Ruby:
https://github.com/canweriotnow/rpam-ruby19
Em 16-05-2012 12:18, Rodrigo Rosenfeld Rosas escreveu:
Em 16-05-2012 11:59, caruccio escreveu:
You are right. There is no "this is more/less standard than that".
But, when talking about something so basic, so widespread and
common, like authentication, for me (and that is my personal
opinion) seams much more logic to start implementing the common-case.
LDAP, and this is a fact, is not as common as passwd
authentication, so I'd start by authenticating local users, then
moving to PAM, LDAP and database authentication. It's just a point
of increasing complexity.
This is the first time I see someone requesting for PAM
authentication in this list. In the other side there was a number of
requests for LDAP support before it was implemented. So I don't
understand why you think PAM is more common than LDAP.
If you also take a look at other projects, there are a number of
them that do support LDAP, but I can't remember of an open-source
web application that is integrated to PAM.
I'm pretty sure that if you tell us what would be required to
integrate to PAM, someone could be interested on doing so. People
here know about Ruby, but not about PAM. If you know about PAM, but
not about Ruby, explaining how it works in implementation level
detailed requirements, I guess that would make this effort happen.
Of course I can do it myself, or pay someone at gitorious.org to do
it for me,
I said gitorious,com, not gitorious.org.
but hey, this is internet! Probably someone, somewhere has done it
already by simple pleasure (as I did before in other's projects).
Why not reuse?
Show us some open-source Ruby application that already integrates to
PAM and we could try to make it happen on Gitorious as well :)
Cheers,
Rodrigo.
On Wednesday, May 16, 2012 11:41:56 AM UTC-3, Rodrigo Rosenfeld
Rosas wrote:
I'd argument that LDAP is as standard as PAM. I don't
understand why you think that PAM is more "standard" than LDAP.
It is pretty common practice to re-enter the authentication
settings on each system you are integrating, just like it
happens on Redmine, ChiliProject and all other web systems I
know about.
I don't consider this a duplication in the same sense when we
talk about programming.
You can consider writing a Chef recipe that will set up your
server for you. That way you would enter the credential
settings in a single place and your chef recipe would replicate
them to each configured application.
But the most important thing is that this is no valid argument
for not using an application just because it doesn't integrate
to PAM IMO.
That is why I'm wishing you good luck on trying to convince
someone to add support to PAM authentication for free just to
make you happy.
You can also try hire the Gitorious company to integrate it to PAM:
http://gitorious.com/
That would be more likely to work if this is so important to you.
Kind regards,
Rodrigo.
Em 16-05-2012 11:23, caruccio escreveu:
All my software already integrate fine because I use PAM as my
"auth gateway".
What I'm trying to point out is that gitorious could have a
more "standard" authentication module, like PAM, out of the
box (please note it's not a demand, only an observation).
On Wednesday, May 16, 2012 11:07:56 AM UTC-3, Rodrigo
Rosenfeld Rosas wrote:
Then I wish you luck on any software with authentication
that you intend to integrate to your server.
Em 16-05-2012 10:54, caruccio escreveu:
Can I use (import) my existing LDAP configuration into
gitorious automatically?
If not, it will be duplicated: one in /etc/ldap.conf and
another in authentication.yml
I mean, two files with same information is redundant
information (not good).
On Wednesday, May 16, 2012 9:25:25 AM UTC-3, Sebastian
Otaegui wrote:
How is authenticating directly against ldap
duplicated configuration?
On Wed, May 16, 2012 at 7:16 AM, caruccio
<[email protected] <mailto:[email protected]>> wrote:
Because the machine already authenticates against
LDAP (via PAM), and our IT do not accept
duplicated configuration for the simple purpose
of authentication (what makes sense for me).
I really want to use gitorious and become freed
of manual git management.
Last week I almost did a 'rm -r * module' (note
an extra space between '*' and 'module') on our
entire repository.
On Tuesday, May 15, 2012 4:18:20 PM UTC-3,
caruccio wrote:
Hello everybody.
Sorry for my just-joined-and-start-posting
behavior, but that was really necessary :(
Long story short: I need to authenticate my
gitorious web clients against local unix
users (in fact, it uses LDAP/PAM).
Is it possible? Where can I find help on this
topic?
That LDAPAuthenticator is not enough. My IT
department is all about 'internal policies'
and I need to fit their requirements.
PS: I'm completely illiterate in ruby. Maybe
it's time to learn some .rb :P
Thanks for any help,
Mateus Caruccio
--
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
